package com.person.ntv.shiro.realm;

import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

import com.person.ntv.entity.sys.SysUser;
import com.person.ntv.service.sys.SysUserService;

public class UserRealm extends AuthorizingRealm{
  @Autowired
  private SysUserService sysUserService;
  @Override
  protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
      SysUser user = (SysUser)principals.getPrimaryPrincipal();
      SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
      List<Map<String,Object>>roleList=user.getRoleSet();
      Set<String> roleSet=new HashSet<String>();
      if(roleList!=null&&roleList.size()>0)
      for(Map<String,Object> role:roleList){
    	  roleSet.add(role.get("roleId").toString());
      }
      authorizationInfo.setRoles(roleSet);
      authorizationInfo.setStringPermissions(null);
      return authorizationInfo;
  }

  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
      String userAccount=(String)token.getPrincipal();
      SysUser cu =new SysUser();
      cu.setUserAccount(userAccount);
      SysUser user = sysUserService.selectOne(cu);
      if(user == null) {
          throw new UnknownAccountException();//没找到帐号
      }

      if(user.getUserStatus().equals("3")) {
          throw new LockedAccountException("账号锁定！"); //帐号锁定
      }
      
      if(user.getUserStatus().equals("2")) {
          throw new LockedAccountException("账号禁用！"); //帐号禁用
      }
      //查询角色信息
      List<Map<String,Object>>roleList = sysUserService.getUserRoleList(Integer.valueOf(user.getId().toString()));
      user.setRoleSet(roleList);
      //交给AuthenticatingRealm使用CredentialsMatcher进行密码匹配，如果觉得人家的不好可以自定义实现
      
      SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
              user, //用户
              user.getUserPassword(), //密码
              ByteSource.Util.bytes(user.getCridentialSalt()),//salt=userAccount+salt
              getName()  //realm name
      );
      return authenticationInfo;
  }

  @Override
  public void clearCachedAuthorizationInfo(PrincipalCollection principals) {
      super.clearCachedAuthorizationInfo(principals);
  }

  @Override
  public void clearCachedAuthenticationInfo(PrincipalCollection principals) {
      super.clearCachedAuthenticationInfo(principals);
  }

  @Override
  public void clearCache(PrincipalCollection principals) {
      super.clearCache(principals);
  }

  public void clearAllCachedAuthorizationInfo() {
      getAuthorizationCache().clear();
  }

  public void clearAllCachedAuthenticationInfo() {
      getAuthenticationCache().clear();
  }

  public void clearAllCache() {
      clearAllCachedAuthenticationInfo();
      clearAllCachedAuthorizationInfo();
  }
}
